More than 610,000 Roblox accounts were reportedly stolen. Was yours or your child’s among them? Ukrainian police arrested three individuals in Lviv who allegedly orchestrated one of the largest Roblox account theft operations to date.
Between October 2025 and January 2026, the hacking group is said to have compromised over 610,000 Roblox accounts, including at least 357 high-value “elite” accounts, making around $225,000 from selling access to them. The hackers distributed infostealing malware disguised as game-enhancement tools, harvested login credentials from infected devices, and sold accounts through a Russian website and closed online communities based on their value.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Royal Mail cyber attack carried out by Russian-linked ransomware gang
January 13, 2023
A ransomware gang linked to Russia carried out the Royal Mail cyber attack that suspended international postal deliveries. It is understood that Royal Mail’s investigation found the gang, named Lockbit, infected machines that print customs labels for parcels being sent overseas. The attack has left more than half a million parcels and letters stuck in limbo. Lockbit’s ...
- Hackers compromised Ontario liquor board website, stole customer data
January 12, 2023
Cyber attackers compromised the website of Ontario’s Liquor Control Board and stole personal information of customers who bought products online, the retailer has acknowledged. “At this time, we can confirm that an unauthorized party embedded malicious code into our website that was designed to obtain customer information during the checkout process,” the Crown corporation said in ...
- Hackers exploit Control Web Panel flaw to open reverse shells
January 12, 2023
Hackers are actively exploiting a critical vulnerability patched recently in Control Web Panel (CWP), a tool for managing servers formerly known as CentOS Web Panel. The security issue is identified as CVE-2022-44877 and received a critical severity score of 9.8 out of 10 as it allows an attacker to execute code remotely without authentication. On January 3, ...
- The US government is building an AI sandbox to tackle cybercrime
January 10, 2023
A joint effort between the Science and Technology Directorate (S&T) – housed within the Department of Homeland Security (DHS) – and the Cybersecurity and Infrastructure Security Agency (CISA), an AI sandbox will be designed for researchers to collaborate and test analytical approaches and techniques in combating cyber threats. CISA’s Advanced Analytics Platform for Machine Learning (CAP-M) ...
- A UN committee is struggling to define what cybercrime is in upcoming treaty
January 10, 2023
A United Nations committee – whose members include delegates from the U.S., China and Russia — is meeting throughout this week and next to continue negotiations for a new international cybercrime treaty. Why it matters: The finished UN cybercrime treaty will jumpstart a wave of new laws around the world based on the agreed-upon principles in ...
- Iowa’s largest city cancels classes due to cyber attack
January 9, 2023
Iowa’s largest school district cancelled classes for Tuesday after determining there was a cyber attack on its technology network. Des Moines Public Schools announced Monday that classes would be cancelled for its 33,000 students after being “alerted to a cyber security incident on its technology network.” The district said in a news release that it took its ...